Commercial Cyber Crime - Social Networks Malware
Commercial Crime International, December 2011, page 11. More information online at www.icc-ccs.org
Cybercrime
Online Social Networks – Launch pads for Malware
The advent of social networks has turned the online world into a virtual society. And whilst social networks serve as seamless communication channels, they are also an ideal launch pad for malware infections. There has been a tremendous increase in the dissemination of malware infections through social networks. But the security and privacy mechanisms of social networks have proven insufficient to prevent exploitation. Aditya Sood and Richard Enbody explain the dangers.
Social networks hold a plethora of personal information on the users that form the network. Individual connections between users collectively form a web of connections. To build each link between users, an implicit trust is required between the two users and, implicitly, across the entire network. Any information provided by an individual user through chained connections becomes a part of the full network. If an attacker is able to exploit one user in the social network, they have the potential to push malicious content (such as malicious URLs) into the network. The connectivity of the network enables the spread of the exploitation. That is, the attacker exploits the weakest link in the chain. This exploitation process is aided by the inability of users (and their stored objects) to determine the legitimacy of content flowing through the social network. The infection process begins with the exploitation of human ignorance and curiosity, followed by spreading of the infection through the trust upon which the network is based.
In order to start the exploitation process, an attacker can pick any issue that affects human emotions to drive the user in a social network to follow the path generated by the attacker. Topics such as weather calamities, political campaigns, national affairs, medical outbreaks and financial transactions are used for initiating infections. Phishing and spamming are used extensively for spreading messages on these topics with malicious intent. Basically, it is a trapping mechanism used by attackers to infect an entire online social network.
Exploit Mechanisms – The Art of Infection
Since social network exploitation begins by exploiting an individual user’s trust, curiosity, or ignorance, common attack strategies have emerged:
One of the simplest infection techniques is the injection of malicious URLs into a user’s message wall. Since it can be difficult to differentiate between the legitimate URLs and illegitimate ones, even a careful user can be tempted to click on the link. Unfortunately for the user, clicking the hyperlink can result in automatic download of malware from a malicious domain through the browser.
Browser Exploit Packs (BEP) hold a number of browser-based exploits that are bundled together to customise the response to a victim. When a user visits a malicious domain, the BEP fingerprints the browser version and the related environment of the user machine. Based on this information, a suitable exploit is served to the user which exploits the integrity of that particular browser.
Drive-by-Download attacks are triggered by visiting a malicious page. They exploit browser vulnerabilities in plugins and built-in components. Successful exploitation of the vulnerability results in the execution of shell code that in turn downloads the malware into the system. A variation of the Drive-by-Download attack is the Drive-by-Cache attack that can exploit browser cache functionality in order to execute malware.
Malicious advertisements (malvertisements) are yet another technique to spread malware infections through online social networks. When an attacker injects the malicious link in a user message board, it is linked to a third-party website which has malicious advertisements embedded in it. These advertisements are further linked to malicious JavaScripts that are retrieved by the browser, which executes the malicious content in the context of the running browser with the user’s privileges.
The biggest problem with the online social networks is that they do not have sufficient built-in protection against malware. For example, current
continued on page 12
Aditya K Sood is a senior security researcher and PhD candidate at Michigan State University. He is also a founder of SecNiche Security Labs, an independent arena for cutting edge computer security research.
Richard J. Enbody, Ph.D, is associate professor in the Department of Computer Science and Engineering at Michigan State University (USA).
Published monthly by Commercial Crime Services, Cinnabar Wharf, 26 Wapping High Street, London E1W 1NG, UK.
Tel: +44 (0) 20 7423 6960 Fax: +44 (0) 20 7423 6961
Email: [email protected] Website: www.icc-ccs.org
Editor: Andy Holder Email [email protected]
ISSN 1012-2710
No part of this publication may be reproduced, stored in a retrieval system, or translated in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the publishers.
While every effort has been made to check the information given in this publication, the authors, editors, and publishers cannot accept any responsibility for any loss or damage whatsoever arising out of, or caused by the use of, such information. Opinions expressed in Commercial Crime International are those of the individual authors and not necessarily those of the publisher.
Copyright 2011. All rights reserved.
Cybercrime
Online Social Networks – Launch pads for Malware (continued from page 11)
social networks do not scan the URLs and embedded content coming from third-party servers such as Content Delivery Networks. Therefore, there is no mechanism to detect the authenticity of URLs that are passed as message content among the user objects in the online social networks. In addition, it is easy to upload malvertisements, and social networks fail to raise any warning. Online social networks are not harnessing the power of Safe Browsing APIs from Google or similar services to instantiate a verification procedure before posting a URL back to a user profile. Lack of such basic protections is a key factor in making the social networks vulnerable to exploitation.
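A URL verification step of the kind the authors say social networks omit, as an added example that is not part of the original article: each URL found in a wall post is expanded into host-suffix and path-prefix expressions in the style of the Safe Browsing lookup design, hashed, and its 4-byte SHA-256 prefixes are checked against a local list before the post is accepted. The blocklist entries and sample URLs are constructed; a real deployment would fetch the prefix list from the service and confirm any prefix hit with a full-hash query.

```python
import hashlib
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Constructed local blocklist standing in for the hash-prefix list a
# Safe Browsing-style service would supply (host + path expressions).
BAD_EXPRESSIONS = ["malware-cdn.example/", "ads.example/track/"]  # constructed

def hash_prefix(expr, n=4):
    return hashlib.sha256(expr.encode()).digest()[:n]

BAD_PREFIXES = {hash_prefix(e) for e in BAD_EXPRESSIONS}

def host_suffixes(host):
    """Exact host plus up to four shorter suffixes, never the bare TLD."""
    labels = host.lower().rstrip(".").split(".")
    out = [".".join(labels)]
    for i in range(1, len(labels) - 1):
        out.append(".".join(labels[i:]))
    return out[:5]

def path_prefixes(path, query):
    """Root, each intermediate directory, the full path, and path+query."""
    segs = [s for s in path.split("/") if s]
    out = ["/"] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if path != "/":
        out.append(path)
    if query:
        out.append(path + "?" + query)
    return out

def check_url(url):
    """Return ('block', matched_expression) or ('allow', None)."""
    parts = urlsplit(url.strip())
    for h in host_suffixes(parts.hostname or ""):
        for p in path_prefixes(parts.path or "/", parts.query):
            if hash_prefix(h + p) in BAD_PREFIXES:
                # A prefix hit would be confirmed by a full-hash lookup.
                return ("block", h + p)
    return ("allow", None)

def screen_post(text):
    """Gate a wall post: block when any embedded URL hits the list."""
    hits = []
    for url in URL_RE.findall(text):
        verdict, expr = check_url(url)
        if verdict == "block":
            hits.append((url, expr))
    return ("block", hits) if hits else ("allow", [])
```

Because matching is done on suffix and prefix expressions, a blocked host covers its subdomains and a blocked directory covers everything beneath it, which is why the ad-tracking path and the CDN host are both caught without listing every URL.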
Finally, many social network users are not knowledgeable enough to differentiate between real and malicious entities. Ignorance not only results in exploitation, but also greatly impacts the overall security of online social networks. Because of the high connectivity and need for trust in a social network, users are particularly dependent on the built-in security features of online social networks, but the security features are not tough enough to thwart many malware attacks.
Conclusion
Robust security and privacy mechanisms are indispensable for safe online social networking. Built-in security is necessary because attackers exploit trust, curiosity and ignorance to garner maximum profit. User awareness regarding security concerns is important but can only spread gradually, so social networks should be proactive and develop more sophisticated and stringent mechanisms to thwart malware infections. Safe and secure transmission of information and robust user privacy should be the paramount concern of the social networking companies.
EDF fined for hacking Greenpeace
EDF, the French energy firm, was recently fined Euro 1.5 million by a Paris court for spying on Greenpeace. It must also pay Greenpeace Euro 500,000 in damages. Two EDF employees were jailed, along with the head of the company they hired to hack into the environmental charity’s computers.
EDF was charged with complicity in concealing stolen documents and complicity to intrude on a computer network. It was claimed the company had organised surveillance not only of Greenpeace in France, but broadly across Europe since 2004. And it was stated that in 2006, EDF hired a detective agency, Kargus Consultants, run by a former member of France’s secret services, to find out about Greenpeace France’s intentions and its plan to block new nuclear plants in the UK. The agency allegedly hacked the computer of Yannick Jadot, Greenpeace’s then campaigns director, taking 1,400 documents.
At the trial, EDF said it had been the victim of overzealous efforts, and had been unaware anyone would hack a computer. But Greenpeace UK’s executive director, John Sauven, said: “The evidence presented at the trial showed that the espionage undertaken by EDF in its efforts to discredit Greenpeace was both extensive and totally illegal. The company should now give a full account of the spying operation it mounted.”
Whilst anti-nuclear activists are reportedly furious at what EDF did, a security expert has commented that the only real surprise is that this sort of trojan-assisted industrial espionage has not reached the courts before.
Philip Lieberman said that the case is notable because the saga started more than five years ago. And, he wondered, how many other cases of trojan-assisted industrial espionage have been carried out in recent years. “What does this case tell us? Quite simply that trojan-assisted infections are almost certainly an integral part of the modern-day private detective’s IT arsenal when conducting industrial espionage,” he said. And we should ask whether terrorists are using the same techniques to assist their campaigns.